FaceApp's incredible overnight success gives us a few important lessons
This article may contain personal views and opinion from the author.
Unless you've been living under a rock, you have heard about it: FaceApp is the new must-try app sensation! This latest seemingly inconspicuous app uses AI to perform a magic trick (it really is incredibly realistic): it changes your photo so you look younger or older. But along with the fun and laughs, a few people -- us included -- have quickly noticed how the app provides all that fun at the costly price of getting access to your data... and keeping it.
Hidden in the terms and conditions that we all know are always an incredibly popular read (we kid, we kid) is the following outrageous statement:
Wait... what? We get it: "legalese" can sound quite dramatic, but this goes beyond that. "Perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable"... I'd better read that one more time just in case it mentions my kidney somewhere! But no, human organs are thankfully not mentioned.
There is, however, something quite troubling indeed: the privacy statement of the app mentions that it can use your photo along with personal data like a user name and even a real name. At the same time, no details are given about how long the app will store your photos and what are the means for a user to request that their personal data is deleted after it's been used to create that one fun photo. US Senate Minority leader Chuck Schumer also noticed and called for regulation citing these practices as "dark patterns" that can mislead users and raise some serious privacy issues. Add to that the simple fact that FaceApp is an app developed in Russia and all sorts of conspiracy theories come to mind, but that is a bit beyond the point here.
The crowd's reaction: more people downloaded the app!
Yep, all those warnings were useless.
What strikes me most about the FaceApp story, however, is not that an app that has unclear terms and conditions has shot up to the top of the Apple and Android app stores. We have Facebook after all, which is much worse.
It is what happened after all those warnings that is particularly interesting. Nobody stopped using the app all of a sudden. Quite the opposite happened: a few million people more downloaded it and uploaded a bunch more photos and a ton more personal data to some server somewhere without getting any guarantees about the way that data will be used.
Perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable license
This reaction of the crowd is revealing: no meaningful number of people would ignore a fun little app. Even for those who knew like myself, I was tempted to try it out: "it's just another whimsical fun little app", or "it can't possibly be that harmful", went my poor attempt of an excuse.
But reading the terms and conditions shows that at best, we have a very poorly written privacy statement, and at worse, we have a privacy risk.
What FaceApp painfully exposes once again is probably the biggest weakness that has helped the likes of Facebook, Google and many others built their advertizing empires, and of government agencies scarily deep databases about citizens of their own and other countries.
Google and Apple have done nothing
So... you would expect that Apple and Google would have some safeguards against such a situation, right?
Well, obviously not. Apple, which manually checks every single application before it enters the App Store, did not seem to have found anything troubling and has not only allowed the app, but has not reacted in any way since news broke about the possible privacy concerns. Google also has not reacted in any way to the threat from an app like FaceApp abusing user data.
And why would they? While both these companies are concerned about user privacy (Apple admittedly a bit more so), it does not seem that we have a nationwide agreement about what constitutes fair data use and what are the checks and balances. And with this, we reach the bigger problem...
User privacy means nothing
Where are the laws protecting our data?
The big problem is that ultimately, user privacy means nothing, unless a new app by a Russian company appears that could be stealing the photos and personal data of US citizens.
It turns out that it is extremely easy to gather the personal data of millions of people: just build a fun app that changes you so you look like a unicorn... or whatever. Unless your app becomes truly viral chances are no one will notice how you use users' data. Or if someone notices, that would usually be a few million private photos too late.
What the current situation reveals is that we need to talk seriously about data security and user privacy. We need to enact strict rules that protect our privacy. Even if this ends up hurting Facebook and Google, and yes, FaceApp too, a bit. I am certain those companies can easily weather such a storm.
But slapping a one-time fine that is less than one of these companies makes in a quarter, will do nothing but convince those big companies they can just continue using and abusing everyone's data.